Mr.Bank

CISA Pre-Exam Review Lecture Notes and Recordings

CISA1.ppt、CISA2.ppt、CISA3.ppt

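Morning session, review following the Chapter 1-3 PPTs: VOICE_0001.MP3, VOICE_0002.MP3, VOICE_0003.MP3

Afternoon session, overall review with the chapters mixed together: VOICE_0004.MP3, VOICE_0005.MP3, VOICE_0006.MP3

Some terms from the afternoon mixed-chapter overall review: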

Chain of custody
CSMA/CD
CA
TDM
ATDM
FDM
Ad hoc
WLAN
WEP
802.11i
802.11+EAP
WAP

CGI
Servlet
Applet
Cookie
Latency
Throughput
Rounding Down
Piggybacking
Deadman door
Phishing
Circuit level
Proxy
Alternative routing
Diverse routing

Long-haul network
Last-mile circuit protection

Ad hoc access

Tuple
Entry
Record
Attribute
Field
Regression
Sociability

Batch control/balancing
reconciling
verification
negotiable instruments, forms, signature

Assurance
ACK

Source document retention
Internal/external labeling
Version usage
Prerecorded input
Parity
Key verification

Emergency action team

Emergency management team

Emergency operation team

Transportation team
Salvage team
Relocation team

Service downtime

Recovery time

RPO
RTO

Subscribers per site
Subscribers per area

Hot warm cold

Duplicated IPF
Mobile site
Reciprocal agreement

Paper test
Desk-based evaluation
Preparedness test
Full operational test

Location chosen
Protection

Due care/due diligence
Professional skepticism
Judgement
Materiality
Awareness
E&E
Accountability
Traceability
Auditability

Alignment
Compliance
Lights-out
Unattended

C.I.A
Conformity

CISA2.ppt:

Chapter 2
IT Governance
Chapter Overview
Corporate Governance
Monitoring and Assurance Practices for Board and Executive Management
Information Systems Strategy
Policies and Procedures
Risk Management
IS Management Practices
IS Organization Structure and Responsibilities
Auditing IT Governance Structure and Implementation
Chapter Objective
Ensure that the CISA candidate...

"Understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT."
Chapter Summary
15% of the CISA examination
Around 30 questions

Corporate Governance
Defined as ethical corporate behavior by directors or others charged with governance in the creation and presentation of wealth for all stakeholders.
Contents
Objectives
Means
Monitoring
Outputs
Reduce the frequency of inaccurate financial reporting
Provide greater transparency and accountability
Monitoring and Assurance Practices for Board and Executive Management
IT governance is concerned with two issues: that IT delivers value to the business and that IT risks are mitigated. The first is driven by strategic alignment for IT with the business. The second is driven by embedding accountability into the enterprise.
IT governance is the responsibility of the board of directors and executive management.
IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives.
A key element of IT governance is the alignment of business and IT.
The key IT governance practices are the IT strategy committee, risk management and the standard IT balanced scorecard.
Monitoring and Assurance Practices for Board and Executive Management
Best Practices for IT Governance
IT Strategy Committee
Standard IT Balanced Scorecard
Information Security Governance
Enterprise Architecture

Monitoring and Assurance Practices for Board and Executive Management
Best Practices for IT Governance
Audit Role in IT governance
Helps ensure compliance with IT governance initiatives implemented within an organization.
The following aspects related to IT governance need to be assessed:
Alignment (between IT and organization)
Performance (Effectiveness and Efficiency)
Compliance (Legal, environmental...)
The control environment of the organization
The inherent risk within the IS environment

Monitoring and Assurance Practices for Board and Executive Management
IT Strategy Committee
IT Strategy Committee is different from IT Steering Committee
IT Strategy Committee
Provides insight and advice to the board.
IT value, risk, performance
Focus on current and future strategic IT issues
IT Steering Committee
Decides the overall level of IT spending and how costs will be allocated.
Focus on implementation
Monitoring and Assurance Practices for Board and Executive Management
Standard IT Balanced Scorecard
Standard IT BSC covers the following aspects:
Traditional financial evaluation
Customer satisfaction
Internal (operational) processes
Ability to innovate
Optimum use of IT
A three-layered structure is used in addressing the above perspectives:
Mission
Strategies
Measures
An effective means to aid the IT strategy committee and management in achieving IT and business alignment.
Monitoring and Assurance Practices for Board and Executive Management
Information Security Governance
Information is more important than the IT systems that store and process it; in other words, data is more important than facilities.
Importance of information security governance
Outcomes of security governance
Strategic alignment
Risk management
Value delivery
Resource management
Performance measurement

